Add to collection(s) Add to saved
  1. Science
  2. Biology
  3. Cell Biology
  4. DNA

Document 1

advertisement 
Erin Purnell
Computer Security – Assignment 2
The purpose of this paper is to discuss the different biometric technologies used in security,
access control, and identification. Biometrics is a way of identifying an individual from others based on
human traits. There are physiological and behavioral characteristics which include, but are not limited
to, fingerprinting, palm printing, DNA, iris and retina scans, scent, face recognition, voice, and gait. We
will discuss a few of these and what makes each of them better or worse than the others based on a set
of standards we will develop. Things to consider would be speed, accuracy, affordability, possibility of
errors, invasiveness, etc. More common methods of access control and security are identification cards,
passwords, pin numbers, passports, and the ability to answer certain specific questions. Currently we
are seeing this technology become must more common in companies’ hiring processes, amusement
parks, high security buildings, concerts, and many more public situations. Biometrics is more accurate,
reliable, and secure since these tests are unique to each person and difficult to replicate or imitate.
However, the use of fingerprinting and DNA analysis poses the issue of privacy and anonymity since this
information must all be stored in databases to be able to verify and compare against.1 The governments
of countries that utilize this technology will most likely not release all capabilities and information on
how the data is being collected and what it could be used for.2 While this type of security has not yet
been more widely implemented than identification cards and passwords, it is very likely that companies
and technologies begin to adopt these principles and integrate into their policies and products. For
example, many smart phones and PCs are beginning to include a fingerprint or retina scanner feature for
easy login.3 While these features can be turned off on your personal devices, if required to enter a
building or obtain a job, ethical questions will have to start being asked and likewise, answered. A part
of the discussion will address these types of issues, but the discussion will mainly attempt to analyze the
different types of biometric data and identification and which is most useful for its intended purpose:
security.
The system we will use for comparing different biometrics and making an informed intelligent
decision as to which is “best” to use, will be composed of different talking points and concerns from the
business’/implementers’ side and the end-users’ side. Since security is the foremost concern, it is safe to
say that accuracy is the most important thing to consider when choosing the best biometric technology
1
"Biometrics security solutions". sourcesecurity.com. Retrieved 22 August 2013.
"Biometrics: Overview". Biometrics.cse.msu.edu. 6 September 2007.
Jain, A., Hong, L., & Pankanti, S. (2000). "Biometric Identification". Communications of the ACM, 43(2), p. 91-98.
DOI 10.1145/328236.328110
Jain, Anil K.; Ross, Arun (2008). "Introduction to Biometrics". In Jain, AK; Flynn; Ross, A. Handbook of Biometrics.
Springer. pp. 1–22. ISBN 978-0-387-71040-2.
2
Defense Science Board (DSB) (September 2006). "Chapter 17, Recommendation 45". Unclassified Report of the
Defense Science Board Task Force. Washington, D.C. 20301-3140: Office of the Under Secretary of Defense For
Acquisition, Technology, and Logistics. p. 84.
3
Get a reference
for identifying unique users. Since many aspects of humans’ biology are so similar from person to
person, if a test was inaccurate, there would be no use for it and would also allow for fraud.
Reproducibility, while a very important aspect, cannot be separated from accuracy. If a test is accurate
consistently—and that is what is meant by accuracy—then it must be reproducible. There is a slight
difference in this case though; if a test is accurate so long as the data does not change, reproducibility is
not a concern. However, if someone has a fingerprint that is altered by a scar, while the test itself may
be accurate, it becomes difficult to reproduce in that situation—this will be addressed specifically within
the fingerprint/palm/iris/retina scan sections. I would also suggest combining affordable and available
together since equipment that is difficult to obtain is more than likely expensive. There is a difference
here though too—there may be equipment that is expensive but prevalent or cheap but rare. In either
case, if a company or person is set on one type of technology, price may not be much of an issue.
Likewise, if a company or person is trying to spend only a certain amount of money, the biometric test
itself must not be of much concern. It is when both are taken into consideration that we must analyze
the value of the test. For this reason, we’ll keep them as one validation point. Speed is a very necessary
point to consider. If it takes someone 20 minutes to log into their computer because the biometric
analysis software is that slow, that would likely not be welcomed. If it took a person thirty minutes to
validate that they are in fact who they are so that they can enter an amusement park or their work
office, this would be a very serious inconvenience and waste of time. Users of these technologies,
especially those that are required involuntarily, should not be inconvenienced so severely. We would
hope that this fantastic technology would be more convenient than carrying ID cards or remembering
specific information since it certainly is more secure. The analysis should be non-invasive for the
consumer, non-embarrassing, and not harmful. It should also not contain/store too much information
about the biometric that is obtained. For example, a test that resulted in an entire medical diagnosis
being available to the system would not be welcomed by many users. A person would most likely not
want to have to urinate in public to get into an office building or get pricked in the finger to give a blood
sample. These tests must be convenient and also only give out the information necessary to identify
them from someone else, not release personal information into the database of the facility—which
could be hacked. For these reasons, we will combine non-invasive, non-embarrassing, and non-harmful
into one category and consider it last on the list of qualifications since, again, we are most concerned
with security for the sake of this argument. There is an article that also lists universality—meaning that
every user needs to possess the trait, uniqueness—meaning that the trait itself must be unique enough
between individuals to identify one from the other, permanence—meaning that the trait must not
change much over time (the fingerprinting scar example given earlier), measurability—referring to the
ease of collection (urine example above), performance—speed of the test (mentioned above),
acceptability—individuals being willing to participate (mentioned above when talking about
invasiveness, etc), and circumvention—referring to ease of replication (security).4 The only one we had
not mentioned previously is that the trait itself must be universal, but that is assumed in our accuracy
discussion. These factors must all be considered when deciding which technology is best and they will be
4
Jain, A.K.; Bolle, R.; Pankanti, S., eds. (1999). Biometrics: Personal Identification in Networked Society. Kluwer
Academic Publications. ISBN 978-0-7923-8345-1.
addressed within our discussion of the other factors for each of the biometric tests we will analyze. The
guide for decision making will then be as follows, always with security in mind:




Accuracy and Reproducibility
- Circumvention of trait
- Uniqueness of trait
- Permanence of trait
Affordability and Obtainability of equipment
Speed
- Performance of test
Non-Invasiveness, Non-Embarrassing, Non-Harmful
- Measurability of trait
- Acceptability of test
We will discuss 5 categories of traits that could be considered most common to these types of test.
They are all mentioned in the introduction of this discussion but have been categorized a bit. First is
finger-printing and palm-printing. We will compare and choose a winner. DNA with contain blood and
saliva. A winner will be chosen. Face recognition will be considered independently. Iris and retina scans
will be considered and a winner will be chosen. Voice will be considered independently as well. We can
then choose an overall winner for “best” biometric test to use when attempting to be secure and
perform as best as possible in the above four validation categories.
Finger-printing and palm-printing are probably the most common technology used. These two
methods have been being used since it was possible to dip the finger or hand into any type of ink or
paint and transfer the image onto some kind of paper. Digital fingerprinting has only become common in
recent years but it much more accurate with the use of 3D digital finger printing as of 2010. No two
finger prints have ever shown to be identical (uniqueness has not been proven though) which means
that the accuracy of finger and palm print analysis is very high. The only situation where someone would
not be identified as themselves is in the case of a scar or mutilation to the print, in which case their
profile would need to be updated or a court decision would have to be “null.” However, we do need to
consider that fingerprints are prevalent where a person resides or spends a significant amount of time
and are easily picked up with a material as common as tape. Fingerprints can be planted at crime scenes
or copied to some sort of material and used for entry into secure systems and buildings. I would think
obtaining a fingerprint would be much easier than an entire palm for circumvention. I would suggest
that palm prints have a bit more security than finger prints because the lines on the palm are just as
unique as the finger so it would follow that more unique lines would mean more secure analysis. Finger
and palm printing are non-invasive, non-embarrassing, and only harmful in the event that ink or paint
was used and there was some sort of allergy involved. DNA can be obtained from fingerprints in some
situations but if the test is strictly printing, exposing too much personal information is irrelevant. The
speed of the test itself is rather fast when taking the actual print. The speed of the comparison to preexisting profiles for that particular person would depend on the system’s speed but would be the fastest
of all tests since it would just be a comparison of images. The printing itself can be a bit tedious—the
person taking the actual print must be careful of sweat, dirt, etc. and friction so that the print comes out
as clearly as possible. Also the print can and will appear slightly different each time it is taken depending
on the outside conditions which might cause a bit of stress on the machine doing the comparison. This
might be the most cautious process of all of the biometric tests since it involves human error.
Regardless, the technology is probably the easiest to obtain and fairly non-expensive (as little as $150)5
other than the actual database where the information is held based on size capacity. We will declare the
fingerprint to be the winner of the two in this situation based on the sole reason that it is much easier to
obtain a clear, accurate image of each finger individually than it is to get the entire palm at once clearly.
Otherwise, the two are tied since you can do each finger individually and store to one user file and
obtain the same amount of prints per individual.
DNA extraction is next. The two examples we’ll look at are blood and saliva. Accuracy and
reproducibility are extremely high in this case. A person’s DNA does not change over time and is 100%
different than all other individuals other than the rare case of identical siblings. There can be machine
error in extracting the DNA from the samples themselves, but this process is all but perfect. Machines
running DNA analysis generally take a few hours which would be a serious problem if you needed to
enter your home or login to your computer. This wait is only worth it in court cases, profiling, medical
testing, etc. because of its accuracy and telling abilities about the subject—which poses another one of
our issues. The amount of personal information that can be obtained from DNA is more than most
would want to expose. There are plenty of mental diseases and disorders and other embarrassing and
incriminating (in some cases) that a person could have and want to keep private that would all be on
display through DNA analysis. Yes, only the match is what is being sought after when we speak about
security, but all of the information is stored in those databases regardless of the purpose of the
database. If a storage facility containing that information would ever be broken into, the amount of
personal information extracted would be immense and extremely invasive. Also, the government is fully
capable of requesting DNA database information from not just this country, but other countries if they
claim it is a “national security concern”—or something similar. Because DNA contains such valuable
information, almost all databases are known and can be taken without the individuals being notified.
The cost of DNA equipment can range from a few hundred to a few thousand dollars.6 The equipment is
very obtainable—a simple Google search returns thousands of results ranging from home use machines
to FBI-worthy equipment. The big issue with DNA testing is that it can be extremely invasive in more
than a few ways. The unlikelihood of someone wanting to swab the inside of their cheek every time they
enter their building goes without saying. While obtaining saliva is not harmful, obtaining blood in every
circumstance is. At the very least, the individual would have a small hole on the finger and at most, vials
of blood taken. This is not efficient in time or extraction but is extremely efficient in accuracy and
security. Unfortunately, it is very easy to plant DNA at crime scenes or to bring DNA to test as someone
other than yourself. Blood and saliva are not necessarily easy, but hair, skin, sweat, etc. are very easy to
obtain and plant. For the reasons discussed above, all forms of DNA (skin, blood, saliva, etc.) are all
equally accurate but have different levels of embarrassment and harmfulness. When speaking directly
5
6
Gokeyless.com
Acelabsystems.com
about blood and saliva, saliva is the obvious winner as far as harm goes but both are tied in all other
aspects. There is a good chance of DNA being compromised from environmental elements and can be
easily contaminated if the proper precautions are not taken.
Face recognition is sufficiently accurate when the image is taken full frontal or from 20 degrees to
each side.7 There are weaknesses though when a more extreme angle has to be used. Doing facial
feature analysis with skin texture analysis increases accuracy 20-25%.8 Face recognition can be analyzed
using a variety of algorithms including eye placement, skin texture, etc. It also relies heavily on the
lighting of the image and things the individual might be wearing or using to cover parts of their face.
Facial expressions can also alter the result.9 Also, it has been shown that sometimes just the installation
of a camera system linked to a facial recognition machine can be more effective than the analysis itself
because criminals will avoid that area for fear of being detected. The machines necessary can range in
price from low to high depending on the functionality of the camera to the software for detection that it
is difficult to quantify. Speed works in a similarly dependent-on-the-technology way. While the facial
recognition isn’t particularly embarrassing itself, usually these are implemented in public areas where
multiple people can be profiled at the same time, while sometimes doing embarrassing actions—not
thinking they are being watched. Being able to capture multiple people at once is definitely a plus,
though. A definite benefit to facial recognition is that it is impossible to plant another person’s face as
evidence or bring another person’s face to pass as your own—unless the fraud itself is a crime
(something seriously disturbing). With security cameras installed, faces can be obtained without the
individuals’ consent which separates this type of biometric from most others that have been discussed
and it not necessarily a good thing when speaking of security. If a machine can run facial recognition off
of a picture of another person’s face, the security of actually having to be the person you are claiming to
be is nullified. As far as personal security and access control go though, facial recognition seems to be a
fairly good solution.
Next we’ll discuss iris recognition and retinal scans. The two are often confused but are very
different. Retinal scans look at the pattern of blood vessels at the back of the eye. Every individual has a
unique and permanent retina, even in the case of identical twins. While these blood vessel patterns are
mainly permanent other than in the case of diabetes and glaucoma. This makes it the “most precise and
reliable biometric, aside from DNA.”10 The error rate for this analysis is as low as 1 in a million. This type
of test is extremely fast—the scan takes seconds and the analysis takes only seconds as well. However,
there are several minutes that an individual must spend in darkness to allow the pupil to open. It is
absolutely not reproducible unless someone were to have the eye of another person—another
unspeakable situation. The technology is absolutely non-embarrassing and does not contain much
information other than the image itself and the person’s identity relative to prior records. The only
possible issues are that a person may have light-sensitivity and the infrared light that is projected into
7
Williams, Mark. "Better Face-Recognition Software".
Williams, Mark. "Better Face-Recognition Software".
9
Bonsor, K. "How Facial Recognition Systems Work".
10
Retina and Iris Scans. Encyclopedia of Espionage, Intelligence, and Security. Copyright © 2004 by The Gale
Group, Inc.
8
the individual’s eye could be painful and that some perceive this to be invasive because of the close
proximity to the camera equipment. The cost is a bit high, usually in the thousands.11 Besides the
invasiveness and cost, this is a very accurate and secure technology. Iris recognition is the identification
of an individual based on the complex patterns on the persons’ iris (colored part of the eye). The rate of
false match is “infinitesimally small.”12 The pattern of the eye is more permanent as than retina which is
extremely beneficial, but the uniqueness has not been proven, much like the fingerprint. Much like the
retina though, even identical twins do not have identical irises since they are formed during gestation no
genetically. This type of test is more common than a retinal scan and the databases housing these
images can be searched at a rate of millions of templates per second. This type of test is much less
invasive and harmful than the retina scan since the images can be taken up close or a few feet away;
there is no necessity to be close to equipment or have a light projected into your eye. It also cannot
reveal any personal information just based off of this test. The scanners can be fooled though with a
high-quality image where a retina scan cannot. The iris scanners are relatively expensive much like the
retina scanners. The short comings of retina scans are that they are invasive and can change over time
with disease. The short coming of iris recognition is that the iris can change pattern depending on how
dilated the eye is at the time and also, you can fool the camera with a high-quality picture. This will
definitely be the most difficult distinction but when it comes to security, circumvention is a serious issue
and while potential changes in retina patterns can—but most likely will not—occur, the risk for someone
posing as another is high which defeats the purpose of security for access control and identification. The
winner here will be retina scans and we will have to live with the potential invasiveness.
Lastly, we’ll talk about voice recognition—also referred to as speaker recognition since it is
identifying who is talking not what is being said.13 There are two different types: verification and
identification; we will not distinguish between the two for the validation points. There are also textdependent and text-independent tests. Both are just as accurate but the text-dependent case can ask
for other identifying information. The text-independent test can allow for an invasive recording of the
person’s voice without their knowledge. The test is fairly accurate but can be affected by an individual
with a cold, background noise, voice changes over time with age, etc. Also, if a high quality recording
was played into a speaker, falsification is easily achievable making access control and identity
verification unsecure. It is extremely fast and can be performed in less than 30 seconds.14 To be able to
differentiate between a digital voice (recording) and a real voice requires a highly trained forensic expert
or very expensive software. It harmless, non-embarrassing, and does not reveal personal information.
11
Timeclockeshop.com
En.wikipedia.org/wiki/iris_recognition
13
Kinnunen, Tomi; Li, Haizhou (1 January 2010). "An overview of text-independent speaker recognition: From
features to supervectors". Speech Communication 52 (1): 12–40.
14
Matt Warman (8 May 2013). "Say goodbye to the pin: voice recognition takes over at Barclays Wealth"
12
The best of each category are as follows: fingerprinting, saliva (DNA), face recognition, retina scan, voice
recognition. Now we must compare them. I have compiled a chart below to summarize what has been
written above: (x denotes an issue, o denotes efficiency)
Accuracy
Fingerprinting
DNA
Face recognition
Retina scan
Voice recognition
O
O
X
O
X
Affordability &
Obtainability
Medium
High
Medium
High
Medium
Speed
Invasiveness
O
X
O
O
O
O
X
O
X
O
Overall
security
Medium
High
Medium-low
High
Medium-low
We consider face and voice recognition to be low in accuracy since various changes and angles can
affect accuracy. We consider the cost of DNA and retina scans to be an inconvenience. We consider the
speed of DNA to also be a serious inconvenience. The invasiveness of DNA and retina scans are an issue,
DNA much more than retina. As far as overall security goes, face recognition, voice recognition, and
fingerprinting are the most replicable of the 5. Since we are to consider security first and foremost, DNA
and retina scans are the two winners. Between these, retina scans win because of the speed which is
very important in high-profile cases, access, and identification processes. While we’d like to choose
fingerprinting because of its ease, it is difficult to overlook how simple planting or picking up a
fingerprint for falsification can be. The retina scan and iris recognition distinction was also a difficult one
but because of the threat of falsification, retina must be chosen as far as security and accuracy go. So
while retina is our winner, I think a full assessment of some of the most common biometric technologies
shows that most are fairly accurate and inexpensive. They can be implemented at business and homes
alike.
Related documents
Security methods and devices, including biometrics
Security methods and devices, including biometrics
Cow/Sheep eye dissection Quiz
Cow/Sheep eye dissection Quiz
Cow Eye Dissection Data Sheet
Cow Eye Dissection Data Sheet
Double Helix Movie : 1.Who is one of the “believers”?
Double Helix Movie : 1.Who is one of the “believers”?
12 work - rbonczewski
12 work - rbonczewski
Concept Mapping Chapter 13
Concept Mapping Chapter 13
Download
advertisement